If this is your first visit, be sure to
check out the FAQ by clicking the
link above. You may have to register
before you can post: click the register link above to proceed. To start viewing messages,
select the forum that you want to visit from the selection below.

Where to start

I've decided that I want to get into computer security and learn all about it. I've looked through all of the tutorials and such and they are very helpfull. But what I really need to know right now is where do I begin? I need a starting point, which types of security i should start with, what I need to know before I begin this venture, and any other help would be appreciated.

2. Have an infrastructure and learn how to secure it - obviously mileage can vary here.

In short, computer security isn't something you can know everything about. Understanding the computer, it's OS, it's apps etc. and being able to effectively mitigate the threat by means other than waiting for the patch is probably about the best you can do. If you can exceed that and leave the computer usable by an idiot then you have found the "key"....

Don\'t SYN us.... We\'ll SYN you..... \"A nation that draws too broad a difference between its scholars and its warriors will have its thinking done by cowards, and its fighting done by fools.\" - Thucydides

Take it from someone that has tried to learn everything only to continueally end up reading another article or book that points to something else I need to learn or catch-up on. Like Tiger said, it is pretty damn improvable to learn absolutely everything. You can, but you will
1. not sleep, 2. not have a social life, and 3. Not remember half of it.

It is funny, the more stuff I learn the more stuff that isn't readily accessable in my memory. I can remember it, but something has to tap on it, or have me to think about it, for me to remember it.

Now for your question. I say you dable in every area for a little. (Yea, I know this is completely against what I just said.) The reason for this is, you won't truely be sure what you like until you try a little bit of everything.

The next question you need to pose to yourself, is "Why do I want to learn this?" If it is simply to increase your own personal knowledge then there are a lot of things you can cut out. If it is to get a job, then there are a lot of things you can cut out. You need to figure out why you want to learn, and then you can better single in on what you want to learn. I will say in my own personal opinion, the programming side is most fun. Learning to code, working on coding, and then working on exploiting code is the most fun. Which is pretty much the underlining effect of everything.

I would personally say start at just bs programming. Pick up a langauge, and go from there.

My chosen field is UNIX Systems Design and Management. Given 15 years experience, and several large scale
environments I have worked in; it is relatively easy to focus a lot of time and energy on UNIX/Linux security.

Sure, there is some bleed over into other areas like network, web, and physical security. For the most part
though I look to folks that specialize in those fields to implement a secure design, rather than trying to do
it all myself.

If you choose OS security management, beware that often times what would be the most secure just isn't going
to be possible. You manage systems because the company and your users need them for some business purpose.
If the business needs and the security needs are in conflict guess who loses. I don't know your situation, but you
will likely find that your first security job will be at a company full of old, unpatched systems that absolutely must
stay that way for some support reason or another. That's what makes 'real' security far more challenging than
the theoretical scenarios found in books and suggested in articles on securityfocus.com.

Just remember this and you'll be fine. A lot of security is keeping one eye on the big picture, and the other eye on anything that looks out of place.

My chosen field is UNIX Systems Design and Management. Given 15 years experience, and several large scale
environments I have worked in; it is relatively easy to focus a lot of time and energy on UNIX/Linux security.

Sure, there is some bleed over into other areas like network, web, and physical security. For the most part
though I look to folks that specialize in those fields to implement a secure design, rather than trying to do
it all myself.

If you choose OS security management, beware that often times what would be the most secure just isn't going
to be possible. You manage systems because the company and your users need them for some business purpose.
If the business needs and the security needs are in conflict guess who loses. I don't know your situation, but you
will likely find that your first security job will be at a company full of old, unpatched systems that absolutely must
stay that way for some support reason or another. That's what makes 'real' security far more challenging than
the theoretical scenarios found in books and suggested in articles on securityfocus.com.

Just remember this and you'll be fine. A lot of security is keeping one eye on the big picture, and the other eye on anything that looks out of place.

hrm

Well im not really looking for a job right now, im only going into tenth grade. But, i figure if i start learning now about what i need to know, ill be a small step ahead when going to college and eventualy getting a job. But thanks for all the help so far.

Re: hrm

Originally posted here by The Exploit Well im not really looking for a job right now, im only going into tenth grade. But, i figure if i start learning now about what i need to know, ill be a small step ahead when going to college and eventualy getting a job. But thanks for all the help so far.

Well, I would suggest that you've already begun, just by being inquisitive. The best thing you can do is get experience. One can assume you enjoy working with computers and technology; I would pursue that, learn as much as you can. Ways to help with this may seem boring or dull, but they can help you earn a lot of skill and the ability to troubleshoot (read:ability to THINK). Being a student-assistant at school for the computer lab is a good way to get started. Get your hands on an old system cheap (you can possibly find a way to earn one by working, if you can't afford one out of pocket) and install every operating system you can get your hands on, playing with each and learning what you like. Learn Windows well enough to be useful, learn *NIX well enough not to be completely lost at a CLI or X-desktop. Begin to pursue the fundamentals of TCP/IP and how a LAN works.

Also, there are some great books you can read, if you are so inclined. An oldy-moldy, but very good one is The Cuckoo's Egg by Cliff Stoll:http://tinyurl.com/cr77f
ISBN 0743411463

There are others; 'The Art of Deception' by Kevin Mitnick, 'Corporate Espionage' and 'Spies Among Us' by Ira Winkler, and many many more... but this one should help you get a good start.

"Data is not necessarily information. Information does not necessarily lead to knowledge. And knowledge is not always sufficient to discover truth and breed wisdom." --SpafAnyone who is capable of getting themselves made president should on no account be allowed to do the job. --Douglas Adams (1952-2001)
"...people find it far easier to forgive others for being wrong than being right." - Albus Percival Wulfric Brian Dumbledore

Also, there are some great books you can read, if you are so inclined. An oldy-moldy, but very good one is The Cuckoo's Egg by Cliff Stoll:http://tinyurl.com/cr77f
ISBN 0743411463

There are others; 'The Art of Deception' by Kevin Mitnick, 'Corporate Espionage' and 'Spies Among Us' by Ira Winkler, and many many more... but this one should help you get a good start.

I say, If anything those book are great for entertainment purposes but other than that I really doubt each and every single one of those books have something to tell me that I haven't heard before. I think Barry had "pretty damn good advice" in both posts of this thread.